1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# SPDX-FileCopyrightText: 2020 Aluísio Augusto Silva Gonçalves <https://aasg.name>
#
# SPDX-License-Identifier: MPL-2.0 or MIT
# RFC 4034, 2
{ lib }:
let
inherit (builtins) isInt split;
inherit (lib) concatStrings flatten mkOption types;
dnssecOptions = import ./dnssec.nix { inherit lib; };
inherit (dnssecOptions) mkDNSSECAlgorithmOption;
in
{
rtype = "DNSKEY";
options = {
flags = mkOption {
description = "Flags pertaining to this RR.";
type = types.either types.ints.u16 (types.submodule {
options = {
zoneSigningKey = mkOption {
description = "Whether this RR holds a zone signing key (ZSK).";
type = types.bool;
default = false;
};
secureEntryPoint = mkOption {
type = types.bool;
description = ''
Whether this RR holds a secure entry point.
In general, this means the key is a key-signing key (KSK), as opposed to a zone-signing key.
'';
default = false;
};
};
});
apply = value:
if isInt value
then value
else
(if value.zoneSigningKey then 256 else 0)
+ (if value.secureEntryPoint then 1 else 0);
};
algorithm = mkDNSSECAlgorithmOption {
description = "Algorithm of the key referenced by this RR.";
};
publicKey = mkOption {
type = types.str;
description = "Base64-encoded public key.";
apply = value: concatStrings (flatten (split "[[:space:]]" value));
};
};
dataToString = { flags, algorithm, publicKey, ... }:
"${toString flags} 3 ${toString algorithm} ${publicKey}";
}